My question is this, if a successful PASE buffer overflow is
accomplished under i5/OS, what can the hacker hope to accomplish? What
rights would they have to the rest of the system?
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Patrick Botz
Sent: Monday, October 22, 2007 3:53 PM
To: Midrange Systems Technical Discussion
Subject: RE: DB2UDB hack
Whenever you see the terms mentioned above (and/or "remote code
execution")
you can be assured that it's yet another LUW-only exploit, and that
i5/OS as
usual is completely safe (and thus needs no fixes).
This is mostly true, but not universally true. Anything that runs in
the
PASE environment under i5/OS is susceptible to a buffer overflow attack
just like a standard LUW. So you can't just assume that no matter what
it
is, it won't affect i5/OS.
For example, the DNS server on i5/OS runs in PASE. If you see a buffer
overflow vulnerability for the version of the DNS server supported by
i5/OS AND you see that AIX has the same vulnerability, then you need to
update the same AIX binary in PASE on i5/OS. I believe Rochester will
make
a PTF for i5/OS customers so they don't have to get the AIX fix and
figure
out what to change on i5/OS side of the house.
Another example is PHP. The PHP engine runs in PASE. Buffer overflow
attacks against the engine itself (rather than security issues with
poorly
written PHP scripts) would also be something that you would want to fix
on
i5/OS.
Any 3rd party applications that run in PASE would also be candidates to
patch for buffer overflow attach type fixes.
The good news is that most of the OS still runs in native i5/OS mode.
midrange.com
